1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-11 16:00:57 +00:00

test(storage): Update storage tests.

This commit is contained in:
Andrew Kozlik 2024-06-13 14:28:09 +02:00 committed by Andrew Kozlik
parent 183e53d3c2
commit 09ed141a0a
3 changed files with 6 additions and 10 deletions

View File

@ -41,6 +41,6 @@
/*
* Current storage version.
*/
#define NORCOW_VERSION ((uint32_t)0x00000004)
#define NORCOW_VERSION ((uint32_t)0x00000005)
#endif

View File

@ -113,7 +113,7 @@ NORCOW_SECTOR_SIZE = 64 * 1024
NORCOW_MAGIC = b"NRC2"
# Norcow version, set in the storage header, but also as an encrypted item.
NORCOW_VERSION = b"\x04\x00\x00\x00"
NORCOW_VERSION = b"\x05\x00\x00\x00"
# Norcow magic combined with the version, which is stored as its negation.
NORCOW_MAGIC_AND_VERSION = NORCOW_MAGIC + bytes(

View File

@ -10,17 +10,13 @@ from . import consts, prng
def derive_kek_keiv(salt: bytes, pin: str) -> (bytes, bytes):
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=consts.KEK_SIZE + consts.KEIV_SIZE,
length=consts.KEK_SIZE,
salt=bytes(salt),
iterations=10000,
iterations=20000,
backend=default_backend(),
)
pbkdf_output = kdf.derive(pin.encode())
# the first 256b is Key Encryption Key
kek = pbkdf_output[: consts.KEK_SIZE]
# following with 96b of Initialization Vector
keiv = pbkdf_output[consts.KEK_SIZE :]
kek = kdf.derive(pin.encode())
keiv = b"\0" * consts.KEIV_SIZE
return kek, keiv